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REMARKS 

Posture of the Case 

Claims 1-35 were originally filed. In a first Office action of February 22, 2007, claims 
18-35 were rejected under 35 USC 101 on grounds that the invention claimed therein was 
directed to non-statutory subject matter. Amendments in Reply A, filed May 22, 2007, overcame 
the rejection. 

The first Office action rejected claims 1-5, 10-12, 15, 18-22, 26-31 and 35 under 35 USC 
102(a) as being anticipated by U.S. Patent 5,592,553 (Guski) and claims 6-9, 13, 14, 16, 17, 
23-26, 32-35 under 35 USC 103(a) as being unpatentable over Guski in view of well-known 
practices in the art. In Reply A, Applicant amended claims to overcome the rejections, pointing 
out the novel and nonobvious differences of the present invention. 

A second, final Office action of July 17, 2007, maintained and clarified the prior art 
rejections. Applicant then filed a Request for Reconsideration (the "RCE") of October 17, 2007, 
in which Applicant amended claims 1, 2, 18, 19, 27, and 28 to more certainly overcome the prior 
art rejections. 

In a third Office action of December 18, 2007, Examiner indicated that Applicant's 
arguments with respect to Guski were not persuasive. The third Office action further rejected 
claims 1-3, 18-20 and 27-29 under 35 USC 1 12, without stating which paragraph. The 
explanation of the rejection indicated, however, that the rejection was under 35 USC 1 12, second 
paragraph, since the explanation stated the claims were "indefinite." Applicant responded with a 
Notice of Appeal and Pre- Appeal Brief Request for Review, filed March 18, 2008. 

Present Office Action 

A Notice of Panel Decision from Pre-Appeal Brief Review of May 27, 2008, indicated 
that the rejections were withdrawn. A fourth, non-final Office action (the "present Office 
action") was subsequently issued on May 21, 2008, merely to add a rejection under 35 USC 1 12, 
first paragraph. The present Office action maintains the same rejection under 35 USC 1 12, 
second paragraph and the same prior art rejections. 
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Specifically, claims 1, 3, 18, 19, 27 and 28 stand rejected under 35 U.S.C. 1 12, first 
paragraph, as failing to comply with the written description requirement on the basis that there is 
no embodiment where the time interval is specified and not specified. 

Claims 1-3, 18-20, and 27-29 also stand rejected under 35 U.S.C. 1 12, second paragraph, 
as being "indefinite" for claiming two different embodiments of the present invention in one 
claim and on grounds it is unclear whether the claimed password is time dependent. 

Claim 1-5, 10, 18-22, 26-31 and 35 rejected under 35 U.S.C. 102(a) as being anticipated 
by Guski. Claim 6-9, 23-26, and 32-35 rejected under 35 U.S.C. 103(a) as being unpatentable 
over Guski in view of well-known practices in the art, i.e., official notice. 

Action herein by Applicant 

To overcome the rejections, Applicant herein amends claims 1-3 and cancels claims 4 
and 18-35 from further consideration, but is not conceding that the subject matter encompassed 
by claims 4 and 18-35 prior to this reply is unpatentable over the art cited by the Examiner. 
Claims 4 and 18-35 are herein canceled solely to facilit ite expeditious prosecution of the 
remaining claims. Applicant respectfully reserves the right to pursue additional claims, including 
the subject matter encompassed by 4 and 18-35, as presented prior to this reply in one or more 
continuing applications. 

Applicant's remarks regarding rejections under 35 U.S.C. 112, first 

and second paragraphs 

With regard to the assertion that it is impermissible for claims to recite features of two 
embodiments, Applicant respectfully disagrees and requests citation of authority for this position. 
Applicant has repeatedly stated this position and requested authority for the position that is 
asserted in the Office actions. Nevertheless, the questic n of whether it is permissible to claim 
features of two embodiments is moot, since the features claimed in the present case are disclosed 
in a single embodiment. Applicant has also pointed thii out previously. See remarks on page 12 
accompanying the RCE, and on page 4 of Applicant's Pre- Appeal Brief Request for Review. 

Specifically, FIG. 3 of the present application illustrates an embodiment of the invention 
in which a method is practiced wherein a loop from use • input block 306 down through 
numerous logic blocks to decision block 330 and back to user input block 306 includes a user 
selection each time to enter password constraints, including "select time period" in block 3 14. 
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And paragraph 0035 of the original application, as published, includes the following: "Control 
then passes from step 3 12 to step 3 14, in which the user indicates whether there is a time period 
associated with the password. At step 3 10, if there are no password constraints, the answer is 
No, and control bypasses step 312 and proceeds directly to step 314. In step 3 14, the user is 
presented with radio buttons indicating whether the password to be generated is valid for a 
month, quarter, half-year, or year. There is also an option to indicate that the life of the password 
does not have a time constraint." Thus, is should be understood the present application clearly 
teaches that in each execution of the main loop of process 300 a time constraint or time period 
may be specified, so that in some instances of the loop, applicability of a time period is selected 
and a time period is specified, while in other instances the user may select not to have a time 
period apply. 

Applicant's remarks regarding prior art rejections 

Claim 1 (prior to the current amendment) recites that "the generated first password is 
identical in its first and second instances if a time interval has been user specified but has not 
elapsed between the first and second times and if no time interval has been user specified for the 
first and second instances." However, the Office action maintains that Guski et al. teaches what 
is recited. The Office action posits a particular interpretation of claim 1 in which a portion of the 
claim is construed as "generating a second instance of the first password for said first application* 
by the password generator, wherein the generating of the second instance of the first password is 
based on at least said first application name received at the second time and based on said single 
key, and the generated first password is identical in its first and second instance if a time interval 
has been user specified but not elapsed between the first and second times or if no time interval 
has been user specified for the first and second instances." That is, the Office action construes 
the claim in a manner such that the first and second "if clauses near the end of the above recited 
language may be met by teaching in the prior art about merely one or the other of the "if 
conditions. Applicant disagrees with this claim construction. Further, Applicant disagrees that 
Guski teaches either of the features recited in the "if clauses. 

During a telephone interview with Examiner Devin on June 4, 2008, agreement was not 
reached regarding either the matter of claim construction or the matter of what Guski teaches. 
Applicant requested that authority be cited for the claim construction. Although agreement was 
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not reached in the telephone interview, Applicant thanks Examiner Devin for his courtesy. The 
interview helped Applicant to understand the present Office action. 

Despite Applicant's position that Guski does not meet the recited claim features for 
which the reference is relied upon, Applicant nevertheless herein submits amendments to even 
more certainly claim features of the present invention in a manner that particularly points out 
how the invention differs from the cited art. As stated herein above, this is done merely to 
expedite allowance. This should in no way be construed as a disclaimer of Applicant's 
previously submitted claims. 

No new matter is included in the amended claims, since the original application provides 
support, as explained herein above regarding FIG. 3. That is, amended claims 1-3 clearly parallel 
features shown in FIG. 3, which is described in the original specification, where the main loop of 
process of FIG. 3 is executed repeatedly with different user choices made in different instances. 
(The term "time interval" is amended in the claims in favor of "time period." This is merely for 
consistency. Applicant noticed on review that the term "time period" was used in the original 
claims. Applicant considers the two terms have the same meaning.) 

The rejection argues that Guski, col. 6, line 61 - col. 7, line 3, teaches a password is valid 
for a predetermined time interval, and that this anticipates a password generator producing the 
same password "if no time interval has been user specified" and "if a time interval has been user 
specified but has not elapsed" between certain times. Applicant respectfully disagrees. 

What the cited passage states is the following: * 

Password generator 300 is invoked when a user wishes to access a host application. When 
invoked, the password generator generates a one-time password 3 10 as a function of the user ID 
302, application ID 304, signon key 306 and time/date 308. Password 3 10 is transmitted to the 
authenticating node 104, together with the user ID 302 and application ID 304, as part of a signon 
request 320. 

Applicant respectfully submits that this actually teaches the opposite of that for which it is cited. 
That is, the passage teaches generating a "one-time password." Generating a "one-time 
password" is directly contrary to generating the same password at two different times, i.e., in first 
and second instances, where the first instance is at a first time and the second instance is at a 
second time, as claimed. If Guski wanted to convey generating the same password at two 
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different times, then using the type of terminology Guski did use, Guski might have said a 
"two-time password" or a "multiple-time password." But this is not what Guski said. 

Indeed, elsewhere Guski teaches about a time interval that is also directly contrary to 
what is claimed in the present case. That is, Guski states the following: 

If the received password 310 does correspond to a legal password, then the password evaluator 
312 determines whether the received password is identical to any valid password received over a 
predefined time interval (step 708); the interval is 10 minutes in the disclosed embodiment, but 
may be more or less if desired. If the received password is identical to a password received within 
the defined time interval, the just-received password is rejected as a "replay" of the previously 
received password (step 706). Since the valid password for a given used ID and application ID 
changes every second in the disclosed embodiment, the only realistic manner in which an identical 
password could be generated is by interception of a previously transmitted password (e.g., as it 
traverses the communications channel 106) and "replay" of that password by injecting it back into 
the system. 

Col. 9, line 55 - col. 10, line 3. 

In this passage, Guski teaches that if two instances of the same password are received 
during a predetermined time interval, the password is rejected, since Guski's password generator 
should not generate two identical passwords. Note that limiting the testing of passwords for 
sameness to an interval such as 10 minutes is presumably merely due to the memory required to 
save received passwords for comparison, not because Guski teaches generating identical 
passwords after the 10 minute interval. Indeed, given that Guski teaches generating passwords as 
a function of time/date 308, Gush's password generator should not generate two identical 
passwords at two different times. 

In summary, Guski does not teach or suggest a process for password generation that 
includes instances of receiving user selections regarding time periods and where the same 
password is generated in the different instances, such that in one instance no time period has 
been user specified and in another instance a time period is specified but has not elapsed between 
instances, as previously claimed and now even more particularly claimed. Claim 1 (first and 
second instances: first and second user selections specifying that no time period applies and the 
generated first password is identical in its first and second instances; third instance: third user 
selection after the third time specifying that a first time period applies in the generating of a 
password by the password generator and if the third time is after the second time by less than the 
specified first time period the generated first password is identical in its first, second and third 
instances). 
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Further, Guski does not teach or suggest a process for password generation that includes 
instances of receiving user selections regarding time periods and the same password is generated 
in the different instances, where in one instance no time period has been user specified, and in 
another instance a user specified time period has not elapsed between instances, and that includes 
an instance in which a user specified time period has elapsed between instances so that in another 
instance the generated password is different, as claimed. Combination of claim 1 and claim 3 
(generating a fourth instance of the first password for said first application by the password 
generator, wherein the generating of the fourth instance of the first password is based on at least 
said first application name received at the fourth time and based on said single key, wherein the 
fourth time is after the third time by more than the specified second time period, so that the 
fourth instance of the generated first password is different than at least its first and second 
instances). 

Further, Guski does not teach or suggest a process for password generation that includes 
instances of receiving a first application name and user selections regarding time periods and the 
same password is generated in the different instances, where in one instance no time period has 
been user specified, and in another instance a user specified time period has not elapsed between 
instances, and that includes an instance in which a second application name is received by the 
password generator and for this second application a password that is different than the first 
password is generated but is the same in different instances, where in one instance no time period 
has been user specified, and in another instance a user specified time period has not elapsed 
between instances, as recited in the combination of claim 1 and claim 2. 

Applicant submits, therefore, that claims 1, 2 and 3 are allowable and that claims 5-10 are 
allowable at least because they depend on one or more of the allowable claims. 
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REQUESTED ACTION 



For the reasons explained herein above, Applicant requests that all the claims be promptly 
allowed and that the application be passed to issuance. 



Anthony V. if. England 
Attorney for IBM Corporation 
Registration No. 35,129 
512-477-7165 
a@aengland.com 
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